Merge pull request #105188 from MicrosoftDocs/master

2/21 PM Publish

Author: huypub

.openpublishing.redirection.json

@@ -48810,6 +48810,21 @@
       "source_path": "articles/terraform/terraform-vm-managed-identities-for-azure-resources.md",
       "redirect_url": "/azure/terraform/terraform-create-complete-vm",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/Speech-Service/speech-devices-sdk-android-quickstart.md",
+      "redirect_url": "/azure/cognitive-services/speech-service/speech-devices-sdk-quickstart?pivots=platform-android",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/Speech-Service/speech-devices-sdk-linux-quickstart.md",
+      "redirect_url": "/azure/cognitive-services/speech-service/speech-devices-sdk-quickstart?pivots=platform-linux",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/Speech-Service/speech-devices-sdk-windows-quickstart.md",
+      "redirect_url": "/azure/cognitive-services/speech-service/speech-devices-sdk-quickstart?pivots=platform-windows",
+      "redirect_document_id": false
     }
   ]
 }

articles/active-directory/conditional-access/TOC.yml

@@ -13,7 +13,7 @@
 - name: Tutorials
   items:
   - name: Require Azure Multi-Factor Authentication
-    href: /authentication/tutorial-enable-azure-mfa.md?toc=/azure/conditional-access/toc.json&bc=/azure/conditional-access/breadcrumb/toc.json
+    href: ../authentication/tutorial-enable-azure-mfa.md?toc=/azure/active-directory/conditional-access/toc.json&bc=/azure/active-directory/conditional-access/breadcrumb/toc.json
 - name: Concepts
   expanded: false
   items:

articles/active-directory/conditional-access/concept-conditional-access-grant.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 02/11/2020
+ms.date: 02/21/2020
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -52,13 +52,17 @@ Selecting this checkbox will require users to perform Azure Multi-Factor Authent
 
 Organizations who have deployed Microsoft Intune can use the information returned from their devices to identify devices that meet specific compliance requirements. This policy compliance information is forwarded from Intune to Azure AD where Conditional Access can make decisions to grant or block access to resources. For more information about compliance policies, see the article [Set rules on devices to allow access to resources in your organization using Intune](https://docs.microsoft.com/intune/protect/device-compliance-get-started).
 
+A device can be marked as compliant by Intune (for any device OS) or by third-party MDM system for Windows 10 devices. Third-party MDM systems for device OS types other than Windows 10 are not supported.
+
+Devices must be registered in Azure AD before they can be marked as compliant. More information about device registration can be found in the article, [What is a device identity](../devices/overview.md).
+
 ### Require hybrid Azure AD joined device
 
 Organizations can choose to use the device identity as part of their Conditional Access policy. Organizations can require that devices are hybrid Azure AD joined using this checkbox. For more information about device identities, see the article [What is a device identity?](../devices/overview.md).
 
 ### Require approved client app
 
-Organizations can require that an access attempt to the selected cloud apps needs to be made from an approved client app.
+Organizations can require that an access attempt to the selected cloud apps needs to be made from an approved client app. These approved client aps support [Intune app protection policies](/intune/app-protection-policy) independent of any mobile-device management (MDM) solution.
 
 This setting applies to the following client apps:
 
@@ -99,9 +103,7 @@ This setting applies to the following client apps:
 
 ### Require app protection policy
 
-In your Conditional Access policy, you can require an app protection policy be present on the client app before access is available to the selected cloud apps. 
-
-![Control access with app protection policy](./media/technical-reference/22.png)
+In your Conditional Access policy, you can require an [Intune app protection policy](/intune/app-protection-policy) be present on the client app before access is available to the selected cloud apps. 
 
 This setting applies to the following client apps:
 
@@ -116,6 +118,10 @@ This setting applies to the following client apps:
 - The **Require app protection policy** requirements:
     - Only supports the iOS and Android for device platform condition.
 
+### Terms of use
+
+If your organization has created terms of use, additional options may be visible under grant controls. These options allow administrators to require acknowledgment of terms of use as a condition of accessing the resources protected by the policy. More information about terms of use can be found in the article, [Azure Active Directory terms of use](terms-of-use.md).
+
 ## Next steps
 
 - [Conditional Access: Session controls](concept-conditional-access-session.md)

articles/active-directory/conditional-access/howto-conditional-access-policy-compliant-device.md

@@ -46,6 +46,9 @@ The following steps will help create a Conditional Access policy to require devi
 1. Confirm your settings and set **Enable policy** to **On**.
 1. Select **Create** to create to enable your policy.
 
+> [!NOTE]
+> You can enroll your new devices to Intune even if you select **Require device to be marked as compliant** for **All users** and **All cloud apps** using the steps above. **Require device to be marked as compliant** control does not block Intune enrollment. 
+
 ### Known behavior
 
 On Windows 7, iOS, Android, macOS, and some third-party web browsers Azure AD identifies the device using a client certificate that is provisioned when the device is registered with Azure AD. When a user first signs in through the browser the user is prompted to select the certificate. The end user must select this certificate before they can continue to use the browser.

articles/active-directory/conditional-access/terms-of-use.md

@@ -82,7 +82,7 @@ Once you have finalized your terms of use document, use the following procedure
 1. For **Terms of use document**, browse to your finalized terms of use PDF and select it.
 1. Select the language for your terms of use document. The language option allows you to upload multiple terms of use, each with a different language. The version of the terms of use that an end user will see will be based on their browser preferences.
 1. To require end users to view the terms of use prior to accepting them, set **Require users to expand the terms of use** to **On**.
-1. To require end users to accept your terms of use on every device they are accessing from, set **Require users to consent on every device** to **On**. For more information, see [Per-device terms of use](#per-device-terms-of-use).
+1. To require end users to accept your terms of use on every device they are accessing from, set **Require users to consent on every device** to **On**. Users may be required to install additional applications if this option is enabled. For more information, see [Per-device terms of use](#per-device-terms-of-use).
 1. If you want to expire terms of use consents on a schedule, set **Expire consents** to **On**. When set to On, two additional schedule settings are displayed.
 
    ![Expire consents settings to set start date, frequency, and duration](./media/terms-of-use/expire-consents.png)
@@ -274,6 +274,10 @@ If a user is using Windows 10 and Microsoft Edge, they will receive a message si
 
 If they are using Chrome, they will be prompted to install the [Windows 10 Accounts extension](https://chrome.google.com/webstore/detail/windows-10-accounts/ppnbnpeolgkicgegkbkbjmhlideopiji).
 
+### Join an Android device
+
+If a user is using an Android device, they will be prompted to install the [Microsoft Authenticator app](https://play.google.com/store/apps/details?id=com.azure.authenticator).
+
 ### Browsers
 
 If a user is using browser that is not supported, they will be asked to use a different browser.

articles/active-directory/develop/quickstart-v2-ios.md

@@ -114,7 +114,7 @@ In a terminal window, navigate to the folder with the downloaded code sample and
 > 1. Build & run the app!
 > [!div class="sxs-lookup" renderon="portal"]
 > > [!NOTE]
-> > This quickstart supports Enter_the_Supported_Account_Info_Here.
+> > Enter_the_Supported_Account_Info_Here
 > [!div renderon="docs"]
 >
 > 1. Extract the zip file and open the project in XCode.

articles/active-directory/fundamentals/active-directory-licensing-whatis-azure-portal.md

@@ -30,7 +30,7 @@ You must have one of the following licenses to use group-based licensing:
 
 - Paid or trial subscription for Azure AD Premium P1 and above
 
-- Paid or trial edition of Office 365 Enterprise E3 or Office 365 A3 or Office 365 GCC G3 and above
+- Paid or trial edition of Office 365 Enterprise E3 or Office 365 A3 or Office 365 GCC G3 or Office 365 E3 for GCCH or Office 365 E3 for DOD and above
 
 ### Required number of licenses
 For any groups assigned a license, you must also have a license for each unique member. While you don't have to assign each member of the group a license, you must have at least enough licenses to include all of the members. For example, if you have 1,000 unique members who are part of licensed groups in your tenant, you must have at least 1,000 licenses to meet the licensing agreement.